
Page 6 - Overview of IPSec and L2TP Technologies
IPSec
IP packets have no inherent security. Hence, where security is required, IPSec is
used. IPSec is a method of protecting IP datagrams and provides:
1. Data origin authentication.
2. Data integrity authentication.
3. Data content confidentiality.
IPSec protects IP packets by specifying the traffic to protect, how that traffic is to be
protected and to whom the traffic is sent. The method of protecting IP packets is by
using one of the IPSec protocols, the Encapsulating Security Payload (ESP) or the
Authentication Header (AH).
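As an added illustration (not from the IP Office manual), the following Python models the protection described above at the level of an AH-protected packet: an AH header whose HMAC-SHA-256-128 ICV gives data origin authentication and data integrity, and a receiver-side Security Association whose sequence-number window rejects replayed packets. The key, SPI and payloads are constructed values, and the ICV here covers only the AH header and payload, not the outer IP header as real AH does; both simplifications are marked in the comments.

```python
import hmac
import hashlib
import struct
ICV_LEN = 16        # HMAC-SHA-256-128: 256-bit HMAC truncated to 128 bits (RFC 4868)
AH_FIXED_LEN = 12   # Next Header, Payload Len, Reserved, SPI, Sequence Number
REPLAY_WINDOW = 64  # anti-replay window in packets (RFC 4302 requires at least 32)

def build_ah(key, spi, seq, next_header, payload):
    """Prepend an AH header to payload; the ICV covers the header (ICV zeroed) plus payload.
    Simplification: real AH also covers the immutable fields of the outer IP header."""
    # Payload Len = AH length in 32-bit words minus 2 (RFC 4302 section 2.2): here 5.
    payload_len = (AH_FIXED_LEN + ICV_LEN) // 4 - 2
    hdr = struct.pack("!BBHII", next_header, payload_len, 0, spi, seq)
    icv = hmac.new(key, hdr + bytes(ICV_LEN) + payload, hashlib.sha256).digest()[:ICV_LEN]
    return hdr + icv + payload

class AhInboundSA:
    """Inbound SA state: shared key, expected SPI and a sliding anti-replay window."""
    def __init__(self, key, spi):
        self.key, self.spi = key, spi
        self.highest = 0   # highest sequence number authenticated so far
        self.seen = 0      # bit i set => sequence number (highest - i) already accepted

    def verify(self, packet):
        """Return (next_header, payload) for an authentic, non-replayed packet; else raise."""
        if len(packet) < AH_FIXED_LEN + ICV_LEN:
            raise ValueError("truncated AH packet")
        next_header, payload_len, _, spi, seq = struct.unpack("!BBHII", packet[:AH_FIXED_LEN])
        if spi != self.spi or (payload_len + 2) * 4 != AH_FIXED_LEN + ICV_LEN:
            raise ValueError("SPI or Payload Len mismatch")
        # Replay check comes before the HMAC, so replayed traffic costs no MAC computation.
        if seq == 0:
            raise ValueError("sequence number 0 is never valid")
        if seq <= self.highest:
            offset = self.highest - seq
            if offset >= REPLAY_WINDOW or (self.seen >> offset) & 1:
                raise ValueError("replayed or too-old sequence number %d" % seq)
        icv, payload = packet[AH_FIXED_LEN:AH_FIXED_LEN + ICV_LEN], packet[AH_FIXED_LEN + ICV_LEN:]
        expected = hmac.new(self.key, packet[:AH_FIXED_LEN] + bytes(ICV_LEN) + payload,
                            hashlib.sha256).digest()[:ICV_LEN]
        if not hmac.compare_digest(icv, expected):
            raise ValueError("ICV check failed: packet forged or modified in transit")
        # Only an authenticated packet may advance or mark the window.
        if seq > self.highest:
            self.seen = ((self.seen << (seq - self.highest)) | 1) & ((1 << REPLAY_WINDOW) - 1)
            self.highest = seq
        else:
            self.seen |= 1 << (self.highest - seq)
        return next_header, payload
```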
IPSec is a suite of protocols developed and maintained by the Internet Engineering
Task Force (IETF). The framework for IPSec is modular and component oriented. The
diagram below illustrates the interrelationship between all of the IPSec components that
maintain this modular approach. It is important to understand that each of these groups
serves a specific purpose and that they work together to provide a modular solution to
Internet security problems. By breaking IPSec into these seven different areas it becomes
easier to understand the objective of each group of components.
IPSec Architecture: Concepts, security requirements, definitions and mechanisms.
Authentication Header (AH): Packet format, padding contents, mandatory algorithms and general issues associated with authentication.
Encapsulation Security Payload (ESP): Packet format, padding contents, mandatory algorithms and general issues associated with encryption.
Domain of Interpretation (DOI)
Key Management: Describes the IETF standards-track key management schemes.
Authentication Algorithm: Describes the set of documents used for ESP and AH authentication.
Encryption Algorithm: Illustrates the various encryption algorithms used for ESP.
Figure 2. An IPSec Framework
IP Office (R3.0)
General
40DHB0002UKER Issue 3 (4th February 2005)